This document provides a basic configuration example for how to establish a point-to-point bridged link using the Mesh Network solution. This example uses two lightweight access point (LAPs). One LAP operates as a roof-top access point (RAP), the other LAP operates as a pole-top access point (PAP), and they are connected to a Cisco Wireless LAN (WLAN) Controller (WLC). The RAP is connected to the WLC through a Cisco Catalyst switch.

The information in this document is based on these software and hardware versions:

Cisco 4402 Series WLC that runs firmware 3.2.150.6

Two (2) Cisco Aironet 1510 Series LAPs

Cisco Layer 2 Switch

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

The Cisco Aironet 1510 Series Lightweight Outdoor Mesh AP is a wireless device designed for wireless client access and point-to-point bridging, point-to-multipoint bridging, and point-to-multipoint mesh wireless connectivity. The outdoor access point is a standalone unit that can be mounted on a wall or overhang, on a rooftop pole, or on a street light pole.

The AP1510 operates with controllers to provide centralized and scalable management, high security, and mobility. Designed to support zero-configuration deployments, the AP1510 easily and securely joins the mesh network and is available to manage and monitor the network through the controller GUI or CLI.

The AP1510 is equipped with two simultaneously operating radios: a 2.4-GHz radio used for client access and a 5-GHz radio used for data backhaul to other AP1510s. Wireless LAN client traffic passes through the backhaul radio of the AP or is relayed through other AP1510s until it reaches the controller Ethernet connection.

RAPs have a wired connection to a Cisco WLC. They use the backhaul wireless interface to communicate with neighboring PAPs. RAPs are the parent node to any bridging or mesh network and connect a bridge or mesh network to the wired network. Therefore, there can only be one RAP for any bridged or mesh network segment.

Note: When you use the mesh networking solution for LAN-to-LAN bridging, do not connect a RAP directly to a Cisco WLC. A switch or router between the Cisco WLC and the RAP is required because Cisco WLCs do not forward Ethernet traffic that comes from an LWAPP-enabled port. RAPs can work in Layer 2 or Layer 3 LWAPP mode.

PAPs have no wired connection to a Cisco WLC. They can be completely wireless, and support clients that communicate with other PAPs or RAPs, or they can be used to connect to peripheral devices or a wired network. The Ethernet port is disabled by default for security reasons, but you should enable it for PAPs.

Note: Cisco Aironet 1030 Remote Edge LAPs support single-hop deployments while Cisco Aironet 1500 Series Lightweight Outdoor APs support both single- and multi-hop deployments. As such, Cisco Aironet 1500 Series Lightweight Outdoor APs can be used as rooftop APs and as PAPs for one or more hops from the Cisco WLC.

All traffic travels through the RAP and the Cisco WLC before it is sent to the LAN.

When the RAP comes up, the PAPs automatically connect to it.

The connected link uses a shared secret to generate a key that is used to provide Advanced Encryption Standard (AES) for the link.

Once the remote PAP connects to the RAP, the mesh APs can pass data traffic.

Users can change the shared secret or configure the mesh APs using the Cisco command line interface (CLI), the Cisco web user interface of the controller, or the Cisco Wireless Control System (Cisco WCS). Cisco recommends that you modify the shared secret.

GUI Configuration

Enable Zero Touch Configuration enables the APs to get the shared secret key from the controller when it registers with the WLC. If you uncheck the this box, the controller does not provide the shared secret key, and the APs use a default pre-shared key for secure communication. The default value is enabled (or checked). Complete these steps from the WLC GUI:

Note: There is no provision for Zero-Touch configuration in WLC version 4.1 and later.

Choose Wireless > Bridging and click Enable Zero Touch Configuration.

Select the Key Format.

Enter the Bridging Shared Secret Key.

Enter the Bridging Shared Secret Key again in the Confirm Shared Secret Key.

CLI Configuration

Complete these steps from the CLI:

Issue the config network zero-config enable command in order to enable the zero touch configuration.

(Cisco Controller) >config network zero-config enable

Issue the config network bridging-shared-secret <string> command in order to add the bridging shared secret key.

This section provides instructions on how to configure the role of the AP in the mesh network and related bridging parameters. You can configure these parameters using either the GUI or the CLI.

Click Wireless and then All APs under Access Points. The All APs page appears.

Click the Detail link for your AP1510 in order to access the All APs > Details page

On this page, the AP Mode under General is automatically set to Bridge for APs that have bridge functionality, such as the AP1510. This page also shows this information under Bridging Information. Under Bridging Information, choose one of these options in order to specify the role of this AP in the mesh network:

MeshAP—Choose this option if the AP1510 has a wireless connection to the controller.

RootAP—Choose this option if the AP1510 has a wired connection to the controller.

Note: Always try to use the Enable Zero Touch Configuration option if available for a version. This automatically configures the key for the Mesh APs and avoids misconfigurations.

RAPs do not forward any broadcast messages on their Radio interface. So configure the DHCP server to send IP addresses through unicast so that MAP can get their IP addresses forwarded by RAP. Otherwise use a static IP for the MAP.

Either leave the Bridge Group Name at default values or make sure that Bridge Group Names are configured exactly the same on MAPs and the corresponding RAP.